CVE-2024-20313

Summary

A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of OSPF updates that are processed by a device. An attacker could exploit this vulnerability by sending a malformed OSPF update to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco IOS XE Software17.5.1affected
CiscoCisco IOS XE Software17.5.1aaffected
CiscoCisco IOS XE Software17.6.1affected
CiscoCisco IOS XE Software17.6.2affected
CiscoCisco IOS XE Software17.6.1waffected
CiscoCisco IOS XE Software17.6.1aaffected
CiscoCisco IOS XE Software17.6.1xaffected
CiscoCisco IOS XE Software17.6.3affected
CiscoCisco IOS XE Software17.6.1yaffected
CiscoCisco IOS XE Software17.6.1zaffected
CiscoCisco IOS XE Software17.6.3aaffected
CiscoCisco IOS XE Software17.6.4affected
CiscoCisco IOS XE Software17.6.1z1affected
CiscoCisco IOS XE Software17.6.5affected
CiscoCisco IOS XE Software17.6.5aaffected
CiscoCisco IOS XE Software17.7.1affected
CiscoCisco IOS XE Software17.7.1aaffected
CiscoCisco IOS XE Software17.7.1baffected
CiscoCisco IOS XE Software17.7.2affected
CiscoCisco IOS XE Software17.10.1affected
CiscoCisco IOS XE Software17.10.1aaffected
CiscoCisco IOS XE Software17.10.1baffected
CiscoCisco IOS XE Software17.8.1affected
CiscoCisco IOS XE Software17.8.1aaffected
CiscoCisco IOS XE Software17.9.1affected
CiscoCisco IOS XE Software17.9.1waffected
CiscoCisco IOS XE Software17.9.2affected
CiscoCisco IOS XE Software17.9.1aaffected
CiscoCisco IOS XE Software17.9.1xaffected
CiscoCisco IOS XE Software17.9.1yaffected
CiscoCisco IOS XE Software17.9.3affected
CiscoCisco IOS XE Software17.9.2aaffected
CiscoCisco IOS XE Software17.9.1x1affected
CiscoCisco IOS XE Software17.9.3aaffected
CiscoCisco IOS XE Software17.9.1y1affected
CiscoCisco IOS XE Software17.11.1affected
CiscoCisco IOS XE Software17.11.1aaffected
CiscoCisco IOS XE Software17.11.99SWaffected

Weaknesses

  • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References